Like build or buy, network or endpoint is a false choice. You can't do a good job without both, and in any given intrusion both have value.
The best endpoint-based tools give you "enough" network, thus endpoint tends to have a fast time to value for detection, investigation. https://twitter.com/MalwareJake/status/944622938044682240
12/24/2017, 9:11:38 AM